Solved Windows 7 Ult "Name not available" Malware

Good news :)

Uninstall McAfee Security Scan, typical foistware.


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
IE - HKU\S-1-5-21-3780342535-3109140223-2840449856-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)


:Services

:Reg

:Files
C:\FRST

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

Last scans..

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Click on "Run ESET Online Scanner" button.
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If ESET doesn't find any threats, it won't produce any log.
 
All processes killed
========== OTL ==========
HKU\S-1-5-21-3780342535-3109140223-2840449856-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\FRST not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jerald
->Temp folder emptied: 8880220 bytes
->Temporary Internet Files folder emptied: 8778932 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 119951546 bytes
->Google Chrome cache emptied: 369339671 bytes
->Flash cache emptied: 1089 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 73943447 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 109015630 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 553 bytes
RecycleBin emptied: 13070844 bytes

Total Files Cleaned = 670.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Jerald
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Jerald
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04212014_001639

Files\Folders moved on Reboot...
C:\Users\Jerald\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.82
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
Java(TM) 6 Update 37
Java version out of Date!
Adobe Flash Player 12.0.0.77 Flash Player out of Date!
Adobe Reader 10.1.8 Adobe Reader out of Date!
Mozilla Firefox 11.0 Firefox out of Date!
Google Chrome 33.0.1750.154
Google Chrome 34.0.1847.116
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 25-02-2014
Ran by Jerald (administrator) on 21-04-2014 at 00:25:06
Running from "C:\Users\Jerald\Desktop"
Microsoft Windows 7 Ultimate (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
 
C:\Users\Jerald\AppData\Local\Google\Chrome\User Data\Default\Users\mgofebpgghgnhjncpdnjcgpoepememop\background.js Win32/TrojanDownloader.Tracur.V trojan cleaned by deleting - quarantined
C:\Users\Jerald\AppData\Local\Google\Chrome\User Data\Default\Users\mgofebpgghgnhjncpdnjcgpoepememop\cs.js Win32/TrojanDownloader.Tracur.V trojan cleaned by deleting - quarantined
C:\Users\Jerald\AppData\Local\PMB Files\Upgrade41270\PMB_update.exe a variant of Win32/Injected.F trojan cleaned by deleting - quarantined
C:\Users\Jerald\Desktop\All Files\Back up 10.23.11\download\com.modaco.visionaryplus.r14.apk Android/Exploit.RageCage.A trojan deleted - quarantined
C:\Users\Jerald\Desktop\All Files\fable\SKIDROW\paul.dll a variant of Win32/Packed.VMProtect.AAA trojan cleaned by deleting - quarantined
 
Update Firefox to the current 28.0 version.

Update Adobe Flash Player: http://get.adobe.com/flashplayer/
Make sure you UN-check Yes, install McAfee Security Scan Plus

NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

1. Update your Java version here: https://www.techspot.com/downloads/6463-java-se.html
Alternate download: http://www.java.com/en/download/manual.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: If you're running 64-bit system make sure you install BOTH, 32-bit and 64-bit Java.

Note 3: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista and 7 users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

============================================

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current (Service Pack 1!!!)

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please, let me know, how your computer is doing.
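
The ESET detections posted earlier in the thread, triaged by where each file lived and checked against step 3 above (any trojan, rootkit or bootkit means a password change), then cross-checked against the Chrome extension lines of the FRST log posted further down. This is an added example, not part of the original thread or of any tool used in it; the function names and location categories are assumptions made for illustration.

```python
import re

# Detection lines copied from the ESET export quoted in the thread.
ESET_LOG = r"""
C:\Users\Jerald\AppData\Local\Google\Chrome\User Data\Default\Users\mgofebpgghgnhjncpdnjcgpoepememop\background.js Win32/TrojanDownloader.Tracur.V trojan cleaned by deleting - quarantined
C:\Users\Jerald\AppData\Local\Google\Chrome\User Data\Default\Users\mgofebpgghgnhjncpdnjcgpoepememop\cs.js Win32/TrojanDownloader.Tracur.V trojan cleaned by deleting - quarantined
C:\Users\Jerald\AppData\Local\PMB Files\Upgrade41270\PMB_update.exe a variant of Win32/Injected.F trojan cleaned by deleting - quarantined
C:\Users\Jerald\Desktop\All Files\Back up 10.23.11\download\com.modaco.visionaryplus.r14.apk Android/Exploit.RageCage.A trojan deleted - quarantined
C:\Users\Jerald\Desktop\All Files\fable\SKIDROW\paul.dll a variant of Win32/Packed.VMProtect.AAA trojan cleaned by deleting - quarantined
"""

# Chrome extension lines copied from the FRST log quoted in the thread.
FRST_CHROME = r"""
CHR Extension: (Auto Add to Cart) - C:\Users\Jerald\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgkaocimghohimimdoenggnhajkagbjp [2014-04-19]
CHR Extension: (Adblock Plus) - C:\Users\Jerald\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-17]
CHR Extension: (Matt W. Moore) - C:\Users\Jerald\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhfnkfaeekjcmeadbdcohacjdjdmlmia [2014-04-17]
CHR Extension: (AdBlock) - C:\Users\Jerald\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-17]
CHR Extension: (Google Wallet) - C:\Users\Jerald\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR HKLM-x32\...\Chrome\Extension: [opjebaomffhbebmkanbennmagkdjkclo] - C:\ProgramData\AskPartnerNetwork\Toolbar\OVO2V7C\CRX\ToolbarCR.crx [2013-08-21]
"""

# Fields: path, optional "a variant of", Platform/Name, type, action.
# Windows paths never contain "/", so the "Platform/Name" token is what
# separates the path (which may contain spaces) from the detection name.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<variant>a variant of\s+)?"
    r"(?P<threat>[A-Za-z0-9]+/\S+)\s+"
    r"(?P<kind>\w+)\s+"
    r"(?P<action>.+)$"
)
# Chrome extension IDs are 32 characters drawn from the letters a-p.
CHROME_ID_RE = re.compile(r"(?<![a-z])[a-p]{32}(?![a-z])")
# Detection types that step 3 of the cleanup post ties to a password change.
CREDENTIAL_RISK_KINDS = {"trojan", "rootkit", "bootkit"}


def classify(path):
    """Rough location bucket (categories are this example's own)."""
    p = path.lower()
    if "\\google\\chrome\\user data\\" in p:
        return "browser-profile"   # loaded whenever the browser runs
    if "\\appdata\\" in p:
        return "user-appdata"      # typical spot for per-user updaters
    if "\\desktop\\" in p or "\\downloads\\" in p:
        return "user-files"        # stored files, not necessarily executed
    return "other"


def parse_eset(log):
    """Turn ESET export lines into dicts; lines that do not match are skipped."""
    detections = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        chrome_id = CHROME_ID_RE.search(m["path"])
        detections.append({
            "path": m["path"],
            "threat": m["threat"],
            "variant": m["variant"] is not None,
            "kind": m["kind"].lower(),
            "action": m["action"],
            "location": classify(m["path"]),
            "chrome_id": chrome_id.group(0) if chrome_id else None,
        })
    return detections


def needs_password_change(detections):
    """True if any detection type is one that step 3 names."""
    return any(d["kind"] in CREDENTIAL_RISK_KINDS for d in detections)


def installed_chrome_ids(frst_log):
    """Extension IDs listed on the FRST 'CHR ... Extension' lines."""
    ids = set()
    for line in frst_log.splitlines():
        if line.startswith("CHR ") and "Extension" in line:
            ids.update(CHROME_ID_RE.findall(line))
    return ids


def still_installed(detections, frst_log):
    """IDs ESET flagged that the later FRST scan still lists as installed."""
    flagged = {d["chrome_id"] for d in detections if d["chrome_id"]}
    return sorted(flagged & installed_chrome_ids(frst_log))


if __name__ == "__main__":
    found = parse_eset(ESET_LOG)
    for d in found:
        print(f'{d["location"]:16} {d["threat"]:32} {d["action"]}')
    print("password change advised:", needs_password_change(found))
    print("flagged IDs still in FRST list:", still_installed(found, FRST_CHROME))
```
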
 
Thank you Thank you Thank you so much for your help! You're very kind helping others out! I ran all the necessary steps you have listed above!

One issue though. I was surfing the web and my computer rebooted randomly. When I turned my computer back on, I noticed something familiar. "Name Not Available" Is reinfection a possible question?

I HAVEN'T heard anything YET, but the audio device is there. Any suggestions?
 

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2014
Ran by Jerald (administrator) on JERALD-PC on 22-04-2014 00:31:32
Running from C:\Users\Jerald\Desktop
Windows 7 Ultimate (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link for 64-Bit Version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST:

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
() C:\Windows\SysWOW64\XSrvSetup.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(ooVoo LLC) C:\Program Files (x86)\oovoo\ooVoo.exe
(Spotify Ltd) C:\Users\Jerald\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionAppHook.exe
() C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.205\deploy\LoLLauncher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.80\deploy\LolClient.exe
(Google Inc.) C:\Users\Jerald\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jerald\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jerald\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jerald\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jerald\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jerald\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-06] (Realtek Semiconductor)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-11-20] (NEC Electronics Corporation)
HKLM-x32\...\Run: [ATICustomerCare] => C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [311296 2010-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKU\S-1-5-21-3780342535-3109140223-2840449856-1000\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [4032968 2012-11-06] (Binary Fortress Software)
HKU\S-1-5-21-3780342535-3109140223-2840449856-1000\...\Run: [Spotify] => C:\Users\Jerald\AppData\Roaming\Spotify\Spotify.exe [6087224 2014-04-13] (Spotify Ltd)
HKU\S-1-5-21-3780342535-3109140223-2840449856-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [385024 2010-05-04] (AMD)
HKU\S-1-5-21-3780342535-3109140223-2840449856-1000\...\Run: [ooVoo.exe] => C:\program files (x86)\oovoo\oovoo.exe [36151360 2014-02-23] (ooVoo LLC)
HKU\S-1-5-21-3780342535-3109140223-2840449856-1000\...\Run: [Spotify Web Helper] => C:\Users\Jerald\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-13] (Spotify Ltd)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com?type=714647&fr=spigot-yhp-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC97780B148DDCB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
URLSearchHook: HKCU - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch64.dll No File
URLSearchHook: HKCU - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {180AB4FF-1B44-4546-AE67-7883ED241B05} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=STDVM
SearchScopes: HKCU - {6A2DF67D-CC74-4f31-A720-FB5F39FBE828} URL = http://www.bing.com/search?q={searchTerms}&form=SPLBR2&pc=SPLH
SearchScopes: HKCU - {CEE7BB53-8B3A-4310-8289-3D642F034C2C} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
SearchScopes: HKCU - {FF35ACC0-57EB-46ef-B4B8-E5942AAB0912} URL = http://www.google.com/cse?cx=partne...me?cx=partner-pub-3794288947762788:4067623346
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Jerald\AppData\Roaming\Mozilla\Firefox\Profiles\bd2rdmmt.default
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @ogplanet.com/npOGPPlugin - C:\Windows\system32\npOGPPlugin.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Jerald\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Jerald\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Jerald\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-07-09]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-06]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-11-17]

Chrome:
=======
CHR HomePage: https://www.google.com/
CHR StartupUrls: "https://www.google.com/"
CHR Extension: (Auto Add to Cart) - C:\Users\Jerald\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgkaocimghohimimdoenggnhajkagbjp [2014-04-19]
CHR Extension: (Adblock Plus) - C:\Users\Jerald\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-17]
CHR Extension: (Matt W. Moore) - C:\Users\Jerald\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhfnkfaeekjcmeadbdcohacjdjdmlmia [2014-04-17]
CHR Extension: (AdBlock) - C:\Users\Jerald\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-17]
CHR Extension: (Google Wallet) - C:\Users\Jerald\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR HKLM-x32\...\Chrome\Extension: [opjebaomffhbebmkanbennmagkdjkclo] - C:\ProgramData\AskPartnerNetwork\Toolbar\OVO2V7C\CRX\ToolbarCR.crx [2013-08-21]
CHR StartMenuInternet: Google Chrome - C:\Users\Jerald\AppData\Local\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3655184 2014-04-01] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [1243024 2013-02-11] (Binary Fortress Software)
R2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [72304 2010-01-18] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-05-08] ()

==================== Drivers (Whitelisted) ====================

S3 AODDriver4.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-27] ()
S3 arcvad_ds2dhw; C:\Windows\System32\drivers\ArcVad.sys [27136 2008-10-28] (ArcSoft, Inc.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [236824 2014-04-01] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192792 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [236824 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [324376 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130840 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [32536 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-03-31] (AVG Technologies CZ, s.r.o.)
S3 KinectCamera; C:\Windows\System32\Drivers\kinectcamera.sys [42880 2011-09-24] (Microsoft Corporation)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
S3 usbcamcl; C:\Windows\System32\DRIVERS\usbcamcl.sys [54216 2009-10-31] (usb camera)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 X6va008; \??\C:\Users\Jerald\AppData\Local\Temp\0088291.tmp [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-22 00:31 - 2014-04-22 00:31 - 00018086 _____ () C:\Users\Jerald\Desktop\FRST.txt
2014-04-22 00:31 - 2014-04-22 00:31 - 00000000 ____D () C:\FRST
2014-04-22 00:30 - 2014-04-22 00:30 - 02061312 _____ (Farbar) C:\Users\Jerald\Desktop\FRST64.exe
2014-04-22 00:00 - 2014-04-22 00:00 - 02347384 _____ (ESET) C:\Users\Jerald\Desktop\esetsmartinstaller_enu.exe
2014-04-21 23:39 - 2014-04-21 23:40 - 00000654 _____ () C:\DelFix.txt
2014-04-21 23:36 - 2014-04-21 23:36 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-21 23:36 - 2014-04-21 23:36 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-21 23:36 - 2014-04-21 23:36 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-21 23:35 - 2014-04-21 23:34 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-21 23:34 - 2014-04-21 23:34 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-21 23:34 - 2014-04-21 23:34 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-21 23:34 - 2014-04-21 23:34 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-04-21 23:29 - 2014-04-21 23:29 - 00000000 ____D () C:\ProgramData\Mozilla
2014-04-21 23:29 - 2014-04-21 23:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-21 23:28 - 2014-04-22 00:28 - 00000069 _____ () C:\Windows\system32\tbxpd.ygp
2014-04-21 23:18 - 2014-04-21 23:18 - 00000064 _____ () C:\Windows\system32\uwwhd.dlw
2014-04-21 23:18 - 2014-04-21 23:18 - 00000000 _____ () C:\Windows\system32\pywtw.gyx
2014-04-21 23:02 - 2014-04-21 23:02 - 00236804 ____S () C:\Windows\system32\swis.xhw
2014-04-21 08:35 - 2014-04-21 08:35 - 00000799 _____ () C:\Users\Public\Documents\eset.txt
2014-04-21 00:31 - 2014-04-21 00:31 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-21 00:30 - 2014-04-21 00:30 - 01682336 _____ (ESET) C:\Users\Jerald\Desktop\eset_nod32_antivirus_live_installer.exe
2014-04-21 00:16 - 2014-04-21 00:16 - 00000000 ____D () C:\_OTL
2014-04-19 01:21 - 2014-04-19 08:35 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar
2014-04-19 01:19 - 2014-04-19 01:19 - 00002434 _____ () C:\Windows\System32\Tasks\0414bUpdateInfo
2014-04-18 22:13 - 2014-04-21 23:40 - 00000000 ____D () C:\Windows\ERUNT
2014-04-17 23:56 - 2014-04-18 11:42 - 00000000 ____D () C:\Users\Jerald\AppData\Local\CrashDumps
2014-04-17 23:00 - 2014-04-17 23:00 - 00000000 ____D () C:\Users\Jerald\AppData\Roaming\AVG2014
2014-04-17 22:57 - 2014-04-17 22:57 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-04-17 22:57 - 2014-04-17 22:57 - 00000000 ____D () C:\Users\Jerald\AppData\Roaming\TuneUp Software
2014-04-17 22:56 - 2014-04-17 22:59 - 00000000 ____D () C:\ProgramData\AVG2014
2014-04-17 22:52 - 2014-04-18 14:40 - 00000000 ____D () C:\Users\Jerald\AppData\Local\Avg2014
2014-04-17 22:52 - 2014-04-17 22:52 - 00000000 ____D () C:\Users\Jerald\AppData\Local\MFAData
2014-04-17 22:25 - 2014-04-18 12:21 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-17 20:43 - 2014-04-19 00:12 - 00000000 ____D () C:\Users\Jerald\AppData\Local\LogMeIn Hamachi
2014-04-17 20:42 - 2014-04-21 23:18 - 00001447 _____ () C:\Windows\setupact.log
2014-04-17 20:42 - 2014-04-21 00:27 - 00018872 _____ () C:\Windows\PFRO.log
2014-04-17 20:42 - 2014-04-17 20:42 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-17 20:40 - 2014-04-18 22:08 - 00000000 ____D () C:\AdwCleaner
2014-04-17 18:49 - 2014-04-17 19:24 - 00001466 _____ () C:\Windows\system32\.crusader
2014-04-17 18:41 - 2014-04-17 18:50 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-17 18:12 - 2014-04-21 23:19 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-17 18:11 - 2014-04-18 11:43 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-17 18:11 - 2014-04-17 18:11 - 00001106 _____ () C:\Users\Jerald\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-17 18:11 - 2014-04-17 18:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-17 18:11 - 2014-04-17 18:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-17 18:11 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-17 18:11 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-17 17:14 - 2014-04-17 17:14 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-04-17 16:49 - 2014-04-18 22:02 - 00000000 ____D () C:\Qoobox
2014-04-17 16:48 - 2014-04-17 20:02 - 00000000 ____D () C:\Windows\erdnt
2014-04-17 13:27 - 2014-04-18 18:22 - 00037888 _____ () C:\Windows\system32\jwgitba.gvp
2014-04-16 22:33 - 2014-04-18 17:31 - 00000083 _____ () C:\Windows\system32\vspvlfb.rof
2014-04-16 22:22 - 2014-04-18 18:22 - 00000107 _____ () C:\Windows\system32\ngngtw.sfp
2014-04-16 22:22 - 2014-04-16 22:22 - 00000064 _____ () C:\Windows\system32\jakcvoj.ywq
2014-04-16 22:06 - 2014-04-16 22:06 - 00246151 ____S () C:\Windows\system32\ehwqcmg.zex
2014-04-15 21:33 - 2014-04-15 21:33 - 00000000 ____D () C:\Users\Jerald\AppData\Local\WarThunder
2014-04-15 21:33 - 2014-04-15 21:33 - 00000000 ____D () C:\ProgramData\WarThunder
2014-04-02 23:30 - 2014-04-02 23:30 - 00000000 ____D () C:\Program Files (x86)\OGPlanet
2014-04-01 21:03 - 2014-04-01 21:03 - 00236824 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-03-31 16:20 - 2014-03-31 16:20 - 00274200 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-03-31 16:06 - 2014-03-31 16:06 - 00130840 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-03-27 22:14 - 2014-03-27 22:14 - 00192792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-03-27 22:14 - 2014-03-27 22:14 - 00153368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-03-27 22:07 - 2014-03-27 22:07 - 00236824 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-03-27 22:05 - 2014-03-27 22:05 - 00324376 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-03-27 22:03 - 2014-03-27 22:03 - 00032536 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys

==================== One Month Modified Files and Folders =======

2014-04-22 00:31 - 2014-04-22 00:31 - 00018086 _____ () C:\Users\Jerald\Desktop\FRST.txt
2014-04-22 00:31 - 2014-04-22 00:31 - 00000000 ____D () C:\FRST
2014-04-22 00:31 - 2012-05-26 14:08 - 00000000 ____D () C:\Users\Jerald\AppData\Local\PMB Files
2014-04-22 00:31 - 2012-05-26 14:08 - 00000000 ____D () C:\ProgramData\PMB Files
2014-04-22 00:31 - 2012-04-07 15:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-22 00:30 - 2014-04-22 00:30 - 02061312 _____ (Farbar) C:\Users\Jerald\Desktop\FRST64.exe
2014-04-22 00:28 - 2014-04-21 23:28 - 00000069 _____ () C:\Windows\system32\tbxpd.ygp
2014-04-22 00:26 - 2011-03-08 00:50 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3780342535-3109140223-2840449856-1000UA.job
2014-04-22 00:14 - 2012-03-21 15:30 - 01196037 _____ () C:\Windows\WindowsUpdate.log
2014-04-22 00:00 - 2014-04-22 00:00 - 02347384 _____ (ESET) C:\Users\Jerald\Desktop\esetsmartinstaller_enu.exe
2014-04-21 23:54 - 2011-04-19 03:25 - 03707904 ___SH () C:\Users\Jerald\Desktop\Thumbs.db
2014-04-21 23:43 - 2011-04-13 22:51 - 00000000 ____D () C:\Users\Jerald\Desktop\All Files
2014-04-21 23:40 - 2014-04-21 23:39 - 00000654 _____ () C:\DelFix.txt
2014-04-21 23:40 - 2014-04-18 22:13 - 00000000 ____D () C:\Windows\ERUNT
2014-04-21 23:38 - 2011-03-07 23:09 - 00000000 ____D () C:\Users\Jerald\AppData\Local\VirtualStore
2014-04-21 23:36 - 2014-04-21 23:36 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-21 23:36 - 2014-04-21 23:36 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-21 23:36 - 2014-04-21 23:36 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-21 23:36 - 2012-11-17 08:30 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-21 23:36 - 2012-11-17 08:30 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-21 23:36 - 2011-03-08 01:42 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-21 23:34 - 2014-04-21 23:35 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-21 23:34 - 2014-04-21 23:34 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-21 23:34 - 2014-04-21 23:34 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-21 23:34 - 2014-04-21 23:34 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-04-21 23:31 - 2012-04-07 15:52 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-21 23:31 - 2012-04-07 15:52 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-21 23:31 - 2012-04-07 15:52 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-21 23:31 - 2011-06-23 04:46 - 00000000 ____D () C:\Users\Jerald\AppData\Local\Adobe
2014-04-21 23:30 - 2012-04-06 12:20 - 00000000 ____D () C:\Users\Jerald\AppData\Local\Mozilla
2014-04-21 23:29 - 2014-04-21 23:29 - 00000000 ____D () C:\ProgramData\Mozilla
2014-04-21 23:29 - 2014-04-21 23:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-21 23:29 - 2012-04-06 12:19 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-21 23:29 - 2012-04-06 12:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-21 23:20 - 2012-12-11 00:29 - 00000000 ____D () C:\Users\Jerald\AppData\Roaming\Spotify
2014-04-21 23:19 - 2014-04-17 18:12 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-21 23:18 - 2014-04-21 23:18 - 00000064 _____ () C:\Windows\system32\uwwhd.dlw
2014-04-21 23:18 - 2014-04-21 23:18 - 00000000 _____ () C:\Windows\system32\pywtw.gyx
2014-04-21 23:18 - 2014-04-17 20:42 - 00001447 _____ () C:\Windows\setupact.log
2014-04-21 23:18 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-21 23:02 - 2014-04-21 23:02 - 00236804 ____S () C:\Windows\system32\swis.xhw
2014-04-21 23:02 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-04-21 20:07 - 2011-03-13 00:20 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-21 08:35 - 2014-04-21 08:35 - 00000799 _____ () C:\Users\Public\Documents\eset.txt
2014-04-21 05:26 - 2011-03-08 00:50 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3780342535-3109140223-2840449856-1000Core.job
2014-04-21 00:31 - 2014-04-21 00:31 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-21 00:30 - 2014-04-21 00:30 - 01682336 _____ (ESET) C:\Users\Jerald\Desktop\eset_nod32_antivirus_live_installer.exe
2014-04-21 00:27 - 2014-04-17 20:42 - 00018872 _____ () C:\Windows\PFRO.log
2014-04-21 00:25 - 2009-07-14 00:13 - 00782462 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-21 00:16 - 2014-04-21 00:16 - 00000000 ____D () C:\_OTL
2014-04-19 08:35 - 2014-04-19 01:21 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar
2014-04-19 01:19 - 2014-04-19 01:19 - 00002434 _____ () C:\Windows\System32\Tasks\0414bUpdateInfo
2014-04-19 00:12 - 2014-04-17 20:43 - 00000000 ____D () C:\Users\Jerald\AppData\Local\LogMeIn Hamachi
2014-04-18 22:08 - 2014-04-17 20:40 - 00000000 ____D () C:\AdwCleaner
2014-04-18 22:02 - 2014-04-17 16:49 - 00000000 ____D () C:\Qoobox
2014-04-18 22:00 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-18 18:30 - 2009-07-13 23:45 - 00012384 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-18 18:30 - 2009-07-13 23:45 - 00012384 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-18 18:22 - 2014-04-17 13:27 - 00037888 _____ () C:\Windows\system32\jwgitba.gvp
2014-04-18 18:22 - 2014-04-16 22:22 - 00000107 _____ () C:\Windows\system32\ngngtw.sfp
2014-04-18 17:31 - 2014-04-16 22:33 - 00000083 _____ () C:\Windows\system32\vspvlfb.rof
2014-04-18 14:40 - 2014-04-17 22:52 - 00000000 ____D () C:\Users\Jerald\AppData\Local\Avg2014
2014-04-18 13:25 - 2014-03-02 16:57 - 00001080 _____ () C:\Users\Public\Desktop\DS3 Tool.lnk
2014-04-18 12:48 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2014-04-18 12:21 - 2014-04-17 22:25 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-18 11:43 - 2014-04-17 18:11 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-18 11:42 - 2014-04-17 23:56 - 00000000 ____D () C:\Users\Jerald\AppData\Local\CrashDumps
2014-04-17 23:13 - 2011-03-13 00:23 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-04-17 23:00 - 2014-04-17 23:00 - 00000000 ____D () C:\Users\Jerald\AppData\Roaming\AVG2014
2014-04-17 22:59 - 2014-04-17 22:56 - 00000000 ____D () C:\ProgramData\AVG2014
2014-04-17 22:57 - 2014-04-17 22:57 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-04-17 22:57 - 2014-04-17 22:57 - 00000000 ____D () C:\Users\Jerald\AppData\Roaming\TuneUp Software
2014-04-17 22:57 - 2013-02-17 19:17 - 00000000 ____D () C:\$AVG
2014-04-17 22:52 - 2014-04-17 22:52 - 00000000 ____D () C:\Users\Jerald\AppData\Local\MFAData
2014-04-17 22:51 - 2011-03-13 00:24 - 00000000 ____D () C:\Windows\system32\Drivers\AVG
2014-04-17 22:17 - 2011-03-07 23:09 - 00000000 ____D () C:\Users\Jerald
2014-04-17 22:16 - 2009-07-14 02:45 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-04-17 22:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-17 22:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-04-17 20:42 - 2014-04-17 20:42 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-17 20:42 - 2009-07-13 23:45 - 05069312 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-17 20:39 - 2011-03-07 23:17 - 00152824 _____ () C:\Users\Jerald\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-17 20:22 - 2012-03-07 09:22 - 00000000 ____D () C:\Windows\Minidump
2014-04-17 20:22 - 2011-03-08 01:03 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-17 20:20 - 2011-04-13 22:50 - 00000000 ____D () C:\Users\Jerald\Desktop\Games
2014-04-17 20:02 - 2014-04-17 16:48 - 00000000 ____D () C:\Windows\erdnt
2014-04-17 19:29 - 2011-05-01 02:11 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-17 19:27 - 2011-04-05 14:01 - 00000000 ____D () C:\Users\Jerald\AppData\Roaming\uTorrent
2014-04-17 19:24 - 2014-04-17 18:49 - 00001466 _____ () C:\Windows\system32\.crusader
2014-04-17 18:50 - 2014-04-17 18:41 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-17 18:26 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\security
2014-04-17 18:11 - 2014-04-17 18:11 - 00001106 _____ () C:\Users\Jerald\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-17 18:11 - 2014-04-17 18:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-17 18:11 - 2014-04-17 18:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-17 17:52 - 2009-07-13 21:34 - 77594624 _____ () C:\Windows\system32\config\software.bak
2014-04-17 17:52 - 2009-07-13 21:34 - 30146560 _____ () C:\Windows\system32\config\system.bak
2014-04-17 17:52 - 2009-07-13 21:34 - 01835008 _____ () C:\Windows\system32\config\default.bak
2014-04-17 17:52 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-04-17 17:52 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-04-17 17:14 - 2014-04-17 17:14 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-04-16 23:08 - 2012-12-11 00:30 - 00000000 ____D () C:\Users\Jerald\AppData\Local\Spotify
2014-04-16 22:22 - 2014-04-16 22:22 - 00000064 _____ () C:\Windows\system32\jakcvoj.ywq
2014-04-16 22:22 - 2013-11-16 15:37 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-04-16 22:06 - 2014-04-16 22:06 - 00246151 ____S () C:\Windows\system32\ehwqcmg.zex
2014-04-15 23:44 - 2011-04-18 17:23 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-04-15 21:33 - 2014-04-15 21:33 - 00000000 ____D () C:\Users\Jerald\AppData\Local\WarThunder
2014-04-15 21:33 - 2014-04-15 21:33 - 00000000 ____D () C:\ProgramData\WarThunder
2014-04-15 21:33 - 2011-04-05 16:27 - 00000000 ____D () C:\Users\Jerald\Documents\My Games
2014-04-15 19:48 - 2011-03-08 02:12 - 00000000 ____D () C:\Users\Jerald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-04-15 00:13 - 2013-07-17 23:29 - 00000003 _____ () C:\Windows\system32\HRUPPROG.TXT
2014-04-14 23:26 - 2013-06-10 19:16 - 00000000 ____D () C:\Users\Jerald\Documents\FIFA 13
2014-04-13 16:47 - 2013-12-17 01:17 - 00000000 ____D () C:\Users\Jerald\AppData\Roaming\XBMC
2014-04-13 12:46 - 2011-05-20 21:38 - 00774020 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-10 15:47 - 2011-03-08 00:55 - 00002374 _____ () C:\Users\Jerald\Desktop\Google Chrome.lnk
2014-04-06 22:04 - 2012-06-15 22:45 - 00000000 ____D () C:\Users\Jerald\AppData\Local\libimobiledevice
2014-04-03 09:51 - 2014-04-17 18:11 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-17 18:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 23:30 - 2014-04-02 23:30 - 00000000 ____D () C:\Program Files (x86)\OGPlanet
2014-04-01 21:03 - 2014-04-01 21:03 - 00236824 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-03-31 21:34 - 2014-02-18 23:50 - 00001857 _____ () C:\Users\Public\Desktop\ooVoo.lnk
2014-03-31 21:34 - 2014-02-18 23:50 - 00000000 ____D () C:\Program Files (x86)\oovoo
2014-03-31 16:20 - 2014-03-31 16:20 - 00274200 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-03-31 16:06 - 2014-03-31 16:06 - 00130840 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-03-28 10:20 - 2011-03-08 01:43 - 00000000 ____D () C:\Users\Jerald\AppData\Roaming\.minecraft
2014-03-27 22:14 - 2014-03-27 22:14 - 00192792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-03-27 22:14 - 2014-03-27 22:14 - 00153368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-03-27 22:07 - 2014-03-27 22:07 - 00236824 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-03-27 22:05 - 2014-03-27 22:05 - 00324376 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-03-27 22:03 - 2014-03-27 22:03 - 00032536 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2014-03-27 05:21 - 2011-03-08 00:50 - 00003884 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3780342535-3109140223-2840449856-1000UA
2014-03-27 05:21 - 2011-03-08 00:50 - 00003488 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3780342535-3109140223-2840449856-1000Core

Files to move or delete:
====================
C:\ProgramData\hash.dat
C:\Users\Jerald\jagex_cl_runescape_LIVE.dat


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-07-13 19:00] - [2009-07-13 20:41] - 0514048 ____A (Microsoft Corporation) D2DAA96A7F8FF882E3ADB8E067353523

ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-19 02:50

==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-04-2014
Ran by Jerald at 2014-04-22 00:32:15
Running from C:\Users\Jerald\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19140 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
Age of Empires Online (HKLM-x32\...\Steam App 105430) (Version: - Microsoft)
Alien Swarm (HKLM-x32\...\Steam App 630) (Version: - Valve)
AMD Accelerated Video Transcoding (Version: 12.10.100.30328 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1016.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{9AB0D5B6-4779-8C4F-CA91-A1FEDB56D7EC}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden
AMD Fuel (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.80328.2204 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
Assassin's Creed Revelations 1.03 (HKLM-x32\...\{33A22B2D-55BA-4508-B767-BF2E9C21A73F}) (Version: 1.03 - Ubisoft)
Assassin's Creed(R) III v1.03 (HKLM-x32\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.03 - Ubisoft)
ATI AVIVO64 Codecs (Version: 11.1.0.50504 - ATI Technologies Inc.) Hidden
ATI Catalyst Registration (x32 Version: 3.00.0000 - ATI Technologies Inc.) Hidden
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4569 - AVG Technologies)
AVG 2014 (Version: 14.0.3882 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4569 - AVG Technologies) Hidden
Belkin F5D8053 N Wireless USB Adapter (HKLM-x32\...\InstallShield_{E6607F5B-50E7-4B54-81B7-F0600E3C8CF4}) (Version: 2.0.0.10 - Belkin)
Belkin F5D8053 N Wireless USB Adapter (x32 Version: 2.0.0.10 - Belkin) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Browser Configuration Utility (HKLM-x32\...\{A2F991E7-DDCD-42B7-AFEC-47789A099FDC}) (Version: 1.1.18.0 - DeviceVM Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)
Cheat Engine 6.2 (HKLM-x32\...\Cheat Engine 6.2_is1) (Version: - Dark Byte)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version: - Torn Banner Studios)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version: - Valve)
Counter-Strike: Condition Zero (HKLM-x32\...\Steam App 80) (Version: - Valve)
Counter-Strike: Condition Zero Deleted Scenes (HKLM-x32\...\Steam App 100) (Version: - Ritual)
Counter-Strike: Global Offensive - SDK (HKLM-x32\...\Steam App 745) (Version: - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - )
Counter-Strike: Source (HKLM-x32\...\{9580813D-94B1-4C28-9426-A441E2BB29A5}) (Version: 1.0.0.0 - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Day of Defeat: Source (HKLM-x32\...\Steam App 300) (Version: - Valve)
DFOLauncher (HKLM-x32\...\DFO) (Version: - )
DisplayFusion 4.3 (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 4.3.0.0 - Binary Fortress Software)
Dungeon Defenders (HKLM-x32\...\Steam App 65800) (Version: - )
EA Download Manager (HKLM-x32\...\EADM) (Version: 5.0.0.255 - Electronic Arts, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Fable III (x32 Version: 1.0.0001.131 - Microsoft Game Studios) Hidden
Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.00 - Ubisoft)
FIFA 13 (HKLM-x32\...\{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}) (Version: 1.1.0.0 - Electronic Arts)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Garry)
Gigabyte Raid Configurer (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0001 - GIGABYTE Technologies, Inc.)
Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\Steam App 12220) (Version: - Rockstar North / Toronto)
Half-Life 2: Deathmatch (HKLM-x32\...\Steam App 320) (Version: - Valve)
Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version: - Valve)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HydraVision (x32 Version: 4.2.162.0 - ATI Technologies Inc.) Hidden
iTunes (HKLM\...\{F73A118B-8271-47E2-8790-0C636B2539C5}) (Version: 11.1.0.126 - Apple Inc.)
Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 37 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216032FF}) (Version: 6.0.370 - Oracle)
Java(TM) SE Development Kit 7 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170000}) (Version: 1.7.0.0 - Oracle)
League of Legends (x32 Version: 1.3 - Riot Games) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.188 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.100 - LogMeIn, Inc.) Hidden
LOLReplay (HKLM-x32\...\LOLReplay) (Version: 0.8.5.2 - www.leaguereplays.com)
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50861 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 RC (Version: 4.5.50861 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Corporation (x32 Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (Version: 1.0.30319 - Microsoft Corporation) Hidden
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.7969.0 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{4E968D9C-21A7-4915-B698-F7AEB913541D}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{2A2F3AE8-246A-4252-BB26-1BEB45627074}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft Visual C# 2010 Express - ENU (HKLM-x32\...\Microsoft Visual C# 2010 Express - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C# 2010 Express - ENU (x32 Version: 10.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{86CE1746-9EFF-3C9C-8755-81EA8903AC34}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Game Studio 4.0 (ARP entry) (x32 Version: 4.0.20823.0 - Microsoft Corporation) Hidden
Microsoft XNA Game Studio 4.0 (HKLM-x32\...\XNA Game Studio 4.0) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Game Studio 4.0 (Redists) (x32 Version: 4.0.20823.0 - Microsoft Corporation) Hidden
Microsoft XNA Game Studio 4.0 (Shared Components) (x32 Version: 4.0.20823.0 - Microsoft Corporation) Hidden
Microsoft XNA Game Studio 4.0 (Visual Studio) (x32 Version: 4.0.20823.0 - Microsoft Corporation) Hidden
Microsoft XNA Game Studio 4.0 (XnaLiveProxy) (x32 Version: 4.0.20823.0 - Microsoft Corporation) Hidden
Microsoft XNA Game Studio 4.0 Documentation (x32 Version: 4.0.20823.0 - Microsoft Corporation) Hidden
Microsoft XNA Game Studio Platform Tools (HKLM-x32\...\{0666E46E-A860-4353-BE6D-13AA72FABB57}) (Version: 1.3.0.0 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT Redists (x32 Version: 1.0 - Sony Creative Software Inc.) Hidden
NBA 2K12 (HKLM-x32\...\{04E9B02B-4F85-4B73-B865-27B9B8B35877}) (Version: 1.0.0 - 2K Sports)
NBA 2K13 (HKLM-x32\...\{D96B6543-A0C0-4351-AF96-73DEF1DD6820}) (Version: 1.0.0 - 2K Sports)
NBA 2K14 (HKLM-x32\...\{4FE0545A-1BF3-4B9B-A044-6E1EE719E197}) (Version: 1.0.0 - 2K Sports)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.18.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.18.0 - NEC Electronics Corporation) Hidden
Need for Speed™ Carbon (HKLM-x32\...\{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}) (Version: - )
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version: - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.2 - )
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
ON_OFF Charge B10.0427.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.6.3001 - ooVoo LLC.)
Oovoo Toolbar (HKLM-x32\...\{4F564F32-5637-4300-76A7-A758B70C0A06}) (Version: 12.10.6.5033 - APN, LLC)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Pinnacle Studio 15 Ultimate Plugins (HKLM-x32\...\{EB5DF19E-75D5-4FF1-AE23-2A9A2E0F2BDD}) (Version: 15.0.0.7593 - Pinnacle Systems)
Pinnacle Video Driver (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.030 - Pinnacle Systems)
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.7 - PowerISO Computing, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6034 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6083 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games)
Skype™ 6.5 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.5.158 - Skype Technologies S.A.)
Sleeping Dogs version 1.4 (HKLM-x32\...\Sleeping Dogs_is1) (Version: 1.4 - )
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 1.0.2091.2 - Hi-Rez Studios)
Source SDK (HKLM-x32\...\Steam App 211) (Version: - Valve)
Source SDK Base 2006 (HKLM-x32\...\Steam App 215) (Version: - Valve)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version: - Valve)
Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.22.9 - Electronic Arts)
TweetDeck (HKLM-x32\...\{C4ADB67B-C908-4D94-B85E-585D2F3F9118}) (Version: 3.3.7 - Twitter)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
War Thunder (HKLM-x32\...\Steam App 236390) (Version: - Gaijin Entertainment)
Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0) (HKLM\...\EC3E466026556D3EB760B01C4772277614354E11) (Version: 06/11/2009 1.0.0.0 - Texas Instruments Inc.)
Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1) (HKLM\...\7511B29C86C398B4D11A0B0E4176CAD68D1B7057) (Version: 09/02/2009 1.0.0.1 - Texas Instruments Inc.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
Windows Movie Maker 6.0 (HKLM-x32\...\Windows Movie Maker 6.0) (Version: - )
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
XBMC (HKCU\...\XBMC) (Version: - Team XBMC)

==================== Restore Points =========================

18-04-2014 00:27:49 Removed LogMeIn Hamachi
18-04-2014 00:28:43 Removed Skype Click to Call
18-04-2014 00:30:41 Removed Microsoft Kinect 1.0 Beta2 SDK
18-04-2014 03:11:34 before new antivirus
18-04-2014 03:13:38 Restore Operation
18-04-2014 03:55:23 Installed AVG 2014
18-04-2014 03:56:24 Installed AVG 2014
18-04-2014 16:27:58 before melware anti
22-04-2014 04:33:16 Installed Java 7 Update 55 (64-bit)
22-04-2014 04:35:45 Installed Java 7 Update 55
22-04-2014 04:41:06 Windows Update
22-04-2014 04:42:56 Windows Update
22-04-2014 04:44:11 Windows Update

==================== Hosts content: ==========================

2013-02-02 11:56 - 2014-04-17 17:54 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {13AFEBCC-9FEF-44E5-8592-648A39C1A641} - System32\Tasks\{C9178A68-C307-430C-BBE0-B9337972A94B} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-06-03] (Skype Technologies S.A.)
Task: {157AE2EF-AF58-496F-88FA-D53A16D414F0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {230E5F93-3EC2-4C5C-8C77-F151A799C210} - System32\Tasks\0414bUpdateInfo => C:\ProgramData\Avg_Update_0414b\0414b_AVG-Secure-Search-Update.exe
Task: {252519BB-2D47-46FF-AD9B-F1A1A0E9A4B5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3780342535-3109140223-2840449856-1000UA => C:\Users\Jerald\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-08] (Google Inc.)
Task: {4E116A49-DC74-4D6D-A478-88B422A9CD24} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3780342535-3109140223-2840449856-1000Core => C:\Users\Jerald\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-08] (Google Inc.)
Task: {72111E50-80B7-4D03-ADBD-AE1E07CCB06E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-21] (Adobe Systems Incorporated)
Task: {74A16438-239A-4F36-B0F9-1BAFB1952868} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe
Task: {A9620AF7-B4CB-48A3-A345-6049DD08104E} - System32\Tasks\{8736613D-9F4C-41CE-842F-CDCEF1B479F3} => C:\Program Files (x86)\Star Wars Battlefront II\daemon347.exe
Task: {C72ADE6A-9EC3-4CD5-88E4-C119BABBEAA3} - System32\Tasks\{8720D5CB-D38F-42EA-AC46-3CC420A81B49} => Chrome.exe http://ui.skype.com/ui/0/5.5.0.124/...notincluded,google-chrome:notoffered;disabled
Task: {E56CD949-5515-4EA3-95E0-02C8F19F2F62} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3780342535-3109140223-2840449856-1000Core.job => C:\Users\Jerald\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3780342535-3109140223-2840449856-1000UA.job => C:\Users\Jerald\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-03-07 23:30 - 2010-01-18 21:31 - 00072304 ____N () C:\Windows\SysWOW64\XSrvSetup.exe
2012-08-03 12:47 - 2013-05-08 21:49 - 00076888 ____N () C:\Windows\SysWOW64\PnkBstrA.exe
2011-03-07 23:17 - 2006-12-11 03:14 - 00043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2013-03-28 22:30 - 2013-03-28 22:30 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-05-05 22:47 - 2011-10-29 10:21 - 01294336 _____ () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
2013-05-27 11:37 - 2014-03-29 02:34 - 05329400 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.205\deploy\LoLLauncher.exe
2013-07-10 11:40 - 2013-07-10 11:40 - 00074752 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.80\deploy\LolClient.exe
2012-05-26 14:07 - 2012-05-26 14:08 - 03089488 _____ () C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-16 23:01 - 2014-03-29 02:34 - 00264696 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.205\deploy\RiotLauncher.dll
2014-04-10 15:47 - 2014-04-01 20:57 - 00065352 _____ () C:\Users\Jerald\AppData\Local\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
2014-04-10 15:47 - 2014-04-01 20:57 - 00674632 _____ () C:\Users\Jerald\AppData\Local\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
2014-04-10 15:47 - 2014-04-01 20:57 - 00093000 _____ () C:\Users\Jerald\AppData\Local\Google\Chrome\Application\34.0.1847.116\libegl.dll
2014-04-10 15:47 - 2014-04-01 20:57 - 04081480 _____ () C:\Users\Jerald\AppData\Local\Google\Chrome\Application\34.0.1847.116\pdf.dll
2014-04-10 15:47 - 2014-04-01 20:58 - 00390472 _____ () C:\Users\Jerald\AppData\Local\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
2014-04-10 15:47 - 2014-04-01 20:57 - 01647432 _____ () C:\Users\Jerald\AppData\Local\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
2014-04-10 15:47 - 2014-04-01 20:58 - 13691720 _____ () C:\Users\Jerald\AppData\Local\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll
2011-05-05 23:21 - 2014-04-03 11:55 - 16510456 _____ () C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.17\deploy\League of Legends.exe
2013-01-17 15:01 - 2014-04-03 11:56 - 01494520 _____ () C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.17\deploy\RiotLauncher.dll
2013-09-16 23:54 - 2014-03-29 02:34 - 00380408 _____ () C:\Riot Games\League of Legends\RADS\RiotRadsIO.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LOLRecorder.lnk => C:\Windows\pss\LOLRecorder.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AVG-Secure-Search-Update_0913a => C:\Users\Jerald\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 699a15d9433047d6ac88cd262348a9d6-67392085affc47baa27de60ed6728898d677bbe9 --CMPID 0913a
MSCONFIG\startupreg: DAEMON Tools Pro Agent => "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
MSCONFIG\startupreg: EA Core => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: JMB36X IDE Setup => C:\Windows\RaidTool\xInsIDE.exe
MSCONFIG\startupreg: LifeCam => "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Jerald\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: uTorrent => "C:\Users\Jerald\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/22/2014 00:01:51 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error: (04/22/2014 00:00:57 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error: (04/22/2014 00:00:55 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error: (04/21/2014 11:19:04 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error: (04/21/2014 11:18:57 PM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (04/21/2014 09:20:08 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16084

Error: (04/21/2014 09:20:08 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16084

Error: (04/21/2014 09:20:08 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/21/2014 09:20:07 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15086

Error: (04/21/2014 09:20:07 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15086


System errors:
=============
Error: (04/22/2014 00:01:52 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{06622D85-6856-4460-8DE1-A81921B41C4B}{06622D85-6856-4460-8DE1-A81921B41C4B}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)

Error: (04/22/2014 00:01:21 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{06622D85-6856-4460-8DE1-A81921B41C4B}{06622D85-6856-4460-8DE1-A81921B41C4B}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)

Error: (04/21/2014 11:56:13 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{06622D85-6856-4460-8DE1-A81921B41C4B}{06622D85-6856-4460-8DE1-A81921B41C4B}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)

Error: (04/21/2014 11:41:13 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{06622D85-6856-4460-8DE1-A81921B41C4B}{06622D85-6856-4460-8DE1-A81921B41C4B}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)

Error: (04/21/2014 11:40:41 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{06622D85-6856-4460-8DE1-A81921B41C4B}{06622D85-6856-4460-8DE1-A81921B41C4B}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)

Error: (04/21/2014 11:40:06 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{06622D85-6856-4460-8DE1-A81921B41C4B}{06622D85-6856-4460-8DE1-A81921B41C4B}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)

Error: (04/21/2014 11:32:22 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{06622D85-6856-4460-8DE1-A81921B41C4B}{06622D85-6856-4460-8DE1-A81921B41C4B}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)

Error: (04/21/2014 11:21:28 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{06622D85-6856-4460-8DE1-A81921B41C4B}{06622D85-6856-4460-8DE1-A81921B41C4B}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)

Error: (04/21/2014 11:18:50 PM) (Source: Service Control Manager) (User: )
Description: The Power service terminated with the following error:
%%4203

Error: (04/21/2014 11:18:44 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 11:16:30 PM on ‎4/‎21/‎2014 was unexpected.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-04-17 17:38:29.397
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-04-17 17:38:29.397
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 79%
Total physical RAM: 4093.55 MB
Available physical RAM: 835.59 MB
Total Pagefile: 8185.26 MB
Available Pagefile: 3644.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:482.72 GB) NTFS
Drive d: (SC2-L100-D1) (CDROM) (Total:6.99 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: C67BAE17)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
Re-run FRST again.
Type the following in the edit box after "Search:".

rpcss.dll

Click Search button and post the log (Search.txt) it makes in your reply.
 
Farbar Recovery Scan Tool (x64) Version: 22-04-2014
Ran by Jerald at 2014-04-22 17:36:15
Running from C:\Users\Jerald\Desktop
Boot Mode: Normal

================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[2009-07-13 19:00] - [2009-07-13 20:41] - 0509440 ____N (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027

C:\Windows\System32\rpcss.dll
[2009-07-13 19:00] - [2009-07-13 20:41] - 0514048 ____A (Microsoft Corporation) D2DAA96A7F8FF882E3ADB8E067353523

C:\Windows\erdnt\cache64\rpcss.dll
[2014-04-18 22:01] - [2009-07-13 20:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027

====== End Of Search ======
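The comparison this Search.txt makes possible, as an added example (not part of the thread and not FRST's own code): it parses the search output posted above and flags any copy whose size and MD5 differ from the WinSxS component-store copy. Treating the WinSxS copy as the reference, and falling back to the majority hash when there is none, are assumptions of this example; a mismatch is a lead for further checks rather than a verdict by itself.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Search.txt body as posted in the thread above (copied, not constructed).
SEARCH_LOG = r"""
================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[2009-07-13 19:00] - [2009-07-13 20:41] - 0509440 ____N (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027

C:\Windows\System32\rpcss.dll
[2009-07-13 19:00] - [2009-07-13 20:41] - 0514048 ____A (Microsoft Corporation) D2DAA96A7F8FF882E3ADB8E067353523

C:\Windows\erdnt\cache64\rpcss.dll
[2014-04-18 22:01] - [2009-07-13 20:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027

====== End Of Search ======
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
# [created] - [modified] - size attributes (company) MD5
META_RE = re.compile(
    r"^\[(?P<created>[\d\- :]+)\] - \[(?P<modified>[\d\- :]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>.*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass
class FileCopy:
    path: str
    created: str
    modified: str
    size: int
    attrs: str
    company: str
    md5: str


def parse_search_log(text):
    """Pair each path line with the metadata line that directly follows it."""
    entries, pending_path = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if PATH_RE.match(line):
            pending_path = line
            continue
        m = META_RE.match(line)
        if m and pending_path:
            entries.append(FileCopy(pending_path, m["created"], m["modified"],
                                    int(m["size"]), m["attrs"], m["company"],
                                    m["md5"].upper()))
        pending_path = None  # metadata must sit on the very next line
    return entries


def is_component_store(path):
    return "\\winsxs\\" in path.lower()


def compare_copies(entries):
    """Pick a reference (size, md5) and split the copies into matching/differing."""
    ambiguous = {"basis": "ambiguous", "reference": None,
                 "matching": [], "differing": []}
    store_ids = {(e.size, e.md5) for e in entries if is_component_store(e.path)}
    if len(store_ids) == 1:
        reference, basis = next(iter(store_ids)), "winsxs"
    elif len(store_ids) > 1:
        # WinSxS can hold several versions of one component after updates,
        # so no single copy can serve as the reference here.
        return ambiguous
    else:
        top = Counter((e.size, e.md5) for e in entries).most_common(2)
        if not top or top[0][1] < 2 or (len(top) == 2 and top[0][1] == top[1][1]):
            return ambiguous
        reference, basis = top[0][0], "majority"
    return {
        "basis": basis,
        "reference": reference,
        "matching": [e.path for e in entries if (e.size, e.md5) == reference],
        "differing": [e.path for e in entries if (e.size, e.md5) != reference],
    }


if __name__ == "__main__":
    result = compare_copies(parse_search_log(SEARCH_LOG))
    print("reference chosen by:", result["basis"])
    for path in result["differing"]:
        print("differs from reference:", path)
```

For the log above, the only copy reported as differing is the live `C:\Windows\System32\rpcss.dll`, while the `erdnt\cache64` backup matches the component-store copy.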
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST (FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

IMPORTANT! Restart computer.

Re-run FRST "Scan" one more time and post fresh log.
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-04-2014
Ran by Jerald at 2014-04-22 19:54:48 Run:1
Running from C:\Users\Jerald\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 X6va008; \??\C:\Users\Jerald\AppData\Local\Temp\0088291.tmp [X]
2014-04-21 23:28 - 2014-04-22 00:28 - 00000069 _____ () C:\Windows\system32\tbxpd.ygp
2014-04-21 23:18 - 2014-04-21 23:18 - 00000064 _____ () C:\Windows\system32\uwwhd.dlw
2014-04-21 23:18 - 2014-04-21 23:18 - 00000000 _____ () C:\Windows\system32\pywtw.gyx
2014-04-21 23:02 - 2014-04-21 23:02 - 00236804 ____S () C:\Windows\system32\swis.xhw
2014-04-17 13:27 - 2014-04-18 18:22 - 00037888 _____ () C:\Windows\system32\jwgitba.gvp
2014-04-16 22:33 - 2014-04-18 17:31 - 00000083 _____ () C:\Windows\system32\vspvlfb.rof
2014-04-16 22:22 - 2014-04-18 18:22 - 00000107 _____ () C:\Windows\system32\ngngtw.sfp
2014-04-16 22:22 - 2014-04-16 22:22 - 00000064 _____ () C:\Windows\system32\jakcvoj.ywq
2014-04-16 22:06 - 2014-04-16 22:06 - 00246151 ____S () C:\Windows\system32\ehwqcmg.zex
C:\ProgramData\hash.dat
C:\Users\Jerald\jagex_cl_runescape_LIVE.dat
Replace: C:\Windows\erdnt\cache64\rpcss.dll C:\Windows\System32\rpcss.dll
*****************

HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
catchme => Service deleted successfully.
EagleX64 => Service deleted successfully.
X6va008 => Service deleted successfully.
C:\Windows\system32\tbxpd.ygp => Moved successfully.
C:\Windows\system32\uwwhd.dlw => Moved successfully.
Could not move "C:\Windows\system32\pywtw.gyx" => Scheduled to move on reboot.
Could not move "C:\Windows\system32\swis.xhw" => Scheduled to move on reboot.
C:\Windows\system32\jwgitba.gvp => Moved successfully.
C:\Windows\system32\vspvlfb.rof => Moved successfully.
C:\Windows\system32\ngngtw.sfp => Moved successfully.
C:\Windows\system32\jakcvoj.ywq => Moved successfully.
C:\Windows\system32\ehwqcmg.zex => Moved successfully.
C:\ProgramData\hash.dat => Moved successfully.
C:\Users\Jerald\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Windows\System32\rpcss.dll => Moved successfully.
C:\Windows\erdnt\cache64\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-04-22 19:58:25)<=

C:\Windows\system32\pywtw.gyx => Is moved successfully.
C:\Windows\system32\swis.xhw => Is moved successfully.

==== End of Fixlog ====
 
NO! It's actually gone!! THANK YOU SOOO MUCHH!!! You've made my day! I thought I was gonna be stuck with this forever!
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2014
Ran by Jerald (administrator) on JERALD-PC on 22-04-2014 23:01:21
Running from C:\Users\Jerald\Desktop
Windows 7 Ultimate (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link for 64-Bit Version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST:

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
() C:\Windows\SysWOW64\XSrvSetup.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(ooVoo LLC) C:\Program Files (x86)\oovoo\ooVoo.exe
(Spotify Ltd) C:\Users\Jerald\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionAppHook.exe
(Google Inc.) C:\Users\Jerald\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jerald\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jerald\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jerald\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jerald\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jerald\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-06] (Realtek Semiconductor)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-11-20] (NEC Electronics Corporation)
HKLM-x32\...\Run: [ATICustomerCare] => C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [311296 2010-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKU\S-1-5-21-3780342535-3109140223-2840449856-1000\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [4032968 2012-11-06] (Binary Fortress Software)
HKU\S-1-5-21-3780342535-3109140223-2840449856-1000\...\Run: [Spotify] => C:\Users\Jerald\AppData\Roaming\Spotify\Spotify.exe [6087224 2014-04-13] (Spotify Ltd)
HKU\S-1-5-21-3780342535-3109140223-2840449856-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [385024 2010-05-04] (AMD)
HKU\S-1-5-21-3780342535-3109140223-2840449856-1000\...\Run: [ooVoo.exe] => C:\program files (x86)\oovoo\oovoo.exe [36151360 2014-02-23] (ooVoo LLC)
HKU\S-1-5-21-3780342535-3109140223-2840449856-1000\...\Run: [Spotify Web Helper] => C:\Users\Jerald\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-13] (Spotify Ltd)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com?type=714647&fr=spigot-yhp-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC97780B148DDCB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
URLSearchHook: HKCU - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch64.dll No File
URLSearchHook: HKCU - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {180AB4FF-1B44-4546-AE67-7883ED241B05} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=STDVM
SearchScopes: HKCU - {6A2DF67D-CC74-4f31-A720-FB5F39FBE828} URL = http://www.bing.com/search?q={searchTerms}&form=SPLBR2&pc=SPLH
SearchScopes: HKCU - {CEE7BB53-8B3A-4310-8289-3D642F034C2C} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
SearchScopes: HKCU - {FF35ACC0-57EB-46ef-B4B8-E5942AAB0912} URL = http://www.google.com/cse?cx=partne...me?cx=partner-pub-3794288947762788:4067623346
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Jerald\AppData\Roaming\Mozilla\Firefox\Profiles\bd2rdmmt.default
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @ogplanet.com/npOGPPlugin - C:\Windows\system32\npOGPPlugin.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Jerald\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Jerald\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Jerald\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-07-09]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-06]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-11-17]

Chrome:
=======
CHR HomePage: https://www.google.com/
CHR StartupUrls: "https://www.google.com/"
CHR Extension: (Auto Add to Cart) - C:\Users\Jerald\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgkaocimghohimimdoenggnhajkagbjp [2014-04-19]
CHR Extension: (Adblock Plus) - C:\Users\Jerald\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-17]
CHR Extension: (Matt W. Moore) - C:\Users\Jerald\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhfnkfaeekjcmeadbdcohacjdjdmlmia [2014-04-17]
CHR Extension: (AdBlock) - C:\Users\Jerald\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-17]
CHR Extension: (Google Wallet) - C:\Users\Jerald\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR HKLM-x32\...\Chrome\Extension: [opjebaomffhbebmkanbennmagkdjkclo] - C:\ProgramData\AskPartnerNetwork\Toolbar\OVO2V7C\CRX\ToolbarCR.crx [2013-08-21]
CHR StartMenuInternet: Google Chrome - C:\Users\Jerald\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3655184 2014-04-01] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [1243024 2013-02-11] (Binary Fortress Software)
R2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [72304 2010-01-18] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-05-08] ()

==================== Drivers (Whitelisted) ====================

S3 AODDriver4.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-27] ()
S3 arcvad_ds2dhw; C:\Windows\System32\drivers\ArcVad.sys [27136 2008-10-28] (ArcSoft, Inc.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [236824 2014-04-01] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192792 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [236824 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [324376 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130840 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [32536 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-03-31] (AVG Technologies CZ, s.r.o.)
S3 KinectCamera; C:\Windows\System32\Drivers\kinectcamera.sys [42880 2011-09-24] (Microsoft Corporation)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-22] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
S3 usbcamcl; C:\Windows\System32\DRIVERS\usbcamcl.sys [54216 2009-10-31] (usb camera)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-22 17:36 - 2014-04-22 17:41 - 00000780 _____ () C:\Users\Jerald\Desktop\Search.txt
2014-04-22 00:32 - 2014-04-22 00:33 - 00043715 _____ () C:\Users\Jerald\Desktop\Addition.txt
2014-04-22 00:31 - 2014-04-22 23:01 - 00017524 _____ () C:\Users\Jerald\Desktop\FRST.txt
2014-04-22 00:31 - 2014-04-22 23:01 - 00000000 ____D () C:\FRST
2014-04-22 00:30 - 2014-04-22 00:30 - 02061312 _____ (Farbar) C:\Users\Jerald\Desktop\FRST64.exe
2014-04-22 00:00 - 2014-04-22 00:00 - 02347384 _____ (ESET) C:\Users\Jerald\Desktop\esetsmartinstaller_enu.exe
2014-04-21 23:39 - 2014-04-21 23:40 - 00000654 _____ () C:\DelFix.txt
2014-04-21 23:36 - 2014-04-21 23:36 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-21 23:36 - 2014-04-21 23:36 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-21 23:36 - 2014-04-21 23:36 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-21 23:35 - 2014-04-21 23:34 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-21 23:34 - 2014-04-21 23:34 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-21 23:34 - 2014-04-21 23:34 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-21 23:34 - 2014-04-21 23:34 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-04-21 23:29 - 2014-04-21 23:29 - 00000000 ____D () C:\ProgramData\Mozilla
2014-04-21 23:29 - 2014-04-21 23:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-21 08:35 - 2014-04-21 08:35 - 00000799 _____ () C:\Users\Public\Documents\eset.txt
2014-04-21 00:31 - 2014-04-21 00:31 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-21 00:30 - 2014-04-21 00:30 - 01682336 _____ (ESET) C:\Users\Jerald\Desktop\eset_nod32_antivirus_live_installer.exe
2014-04-21 00:16 - 2014-04-21 00:16 - 00000000 ____D () C:\_OTL
2014-04-19 01:21 - 2014-04-19 08:35 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar
2014-04-19 01:19 - 2014-04-19 01:19 - 00002434 _____ () C:\Windows\System32\Tasks\0414bUpdateInfo
2014-04-18 22:13 - 2014-04-21 23:40 - 00000000 ____D () C:\Windows\ERUNT
2014-04-17 23:56 - 2014-04-18 11:42 - 00000000 ____D () C:\Users\Jerald\AppData\Local\CrashDumps
2014-04-17 23:00 - 2014-04-17 23:00 - 00000000 ____D () C:\Users\Jerald\AppData\Roaming\AVG2014
2014-04-17 22:57 - 2014-04-17 22:57 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-04-17 22:57 - 2014-04-17 22:57 - 00000000 ____D () C:\Users\Jerald\AppData\Roaming\TuneUp Software
2014-04-17 22:56 - 2014-04-17 22:59 - 00000000 ____D () C:\ProgramData\AVG2014
2014-04-17 22:52 - 2014-04-18 14:40 - 00000000 ____D () C:\Users\Jerald\AppData\Local\Avg2014
2014-04-17 22:52 - 2014-04-17 22:52 - 00000000 ____D () C:\Users\Jerald\AppData\Local\MFAData
2014-04-17 22:25 - 2014-04-18 12:21 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-17 20:43 - 2014-04-19 00:12 - 00000000 ____D () C:\Users\Jerald\AppData\Local\LogMeIn Hamachi
2014-04-17 20:42 - 2014-04-22 19:57 - 00001503 _____ () C:\Windows\setupact.log
2014-04-17 20:42 - 2014-04-21 00:27 - 00018872 _____ () C:\Windows\PFRO.log
2014-04-17 20:42 - 2014-04-17 20:42 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-17 20:40 - 2014-04-18 22:08 - 00000000 ____D () C:\AdwCleaner
2014-04-17 18:49 - 2014-04-17 19:24 - 00001466 _____ () C:\Windows\system32\.crusader
2014-04-17 18:41 - 2014-04-17 18:50 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-17 18:12 - 2014-04-22 20:52 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-17 18:11 - 2014-04-18 11:43 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-17 18:11 - 2014-04-17 18:11 - 00001106 _____ () C:\Users\Jerald\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-17 18:11 - 2014-04-17 18:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-17 18:11 - 2014-04-17 18:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-17 18:11 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-17 18:11 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-17 17:14 - 2014-04-17 17:14 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-04-17 16:49 - 2014-04-18 22:02 - 00000000 ____D () C:\Qoobox
2014-04-17 16:48 - 2014-04-17 20:02 - 00000000 ____D () C:\Windows\erdnt
2014-04-15 21:33 - 2014-04-15 21:33 - 00000000 ____D () C:\Users\Jerald\AppData\Local\WarThunder
2014-04-15 21:33 - 2014-04-15 21:33 - 00000000 ____D () C:\ProgramData\WarThunder
2014-04-02 23:30 - 2014-04-02 23:30 - 00000000 ____D () C:\Program Files (x86)\OGPlanet
2014-04-01 21:03 - 2014-04-01 21:03 - 00236824 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-03-31 16:20 - 2014-03-31 16:20 - 00274200 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-03-31 16:06 - 2014-03-31 16:06 - 00130840 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-03-27 22:14 - 2014-03-27 22:14 - 00192792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-03-27 22:14 - 2014-03-27 22:14 - 00153368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-03-27 22:07 - 2014-03-27 22:07 - 00236824 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-03-27 22:05 - 2014-03-27 22:05 - 00324376 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-03-27 22:03 - 2014-03-27 22:03 - 00032536 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys

==================== One Month Modified Files and Folders =======

2014-04-22 23:01 - 2014-04-22 00:31 - 00017524 _____ () C:\Users\Jerald\Desktop\FRST.txt
2014-04-22 23:01 - 2014-04-22 00:31 - 00000000 ____D () C:\FRST
2014-04-22 23:00 - 2012-05-26 14:08 - 00000000 ____D () C:\Users\Jerald\AppData\Local\PMB Files
2014-04-22 23:00 - 2012-05-26 14:08 - 00000000 ____D () C:\ProgramData\PMB Files
2014-04-22 22:31 - 2012-04-07 15:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-22 22:26 - 2011-03-08 00:50 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3780342535-3109140223-2840449856-1000UA.job
2014-04-22 20:52 - 2014-04-17 18:12 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-22 20:00 - 2012-12-11 00:29 - 00000000 ____D () C:\Users\Jerald\AppData\Roaming\Spotify
2014-04-22 19:59 - 2012-12-11 00:30 - 00000000 ____D () C:\Users\Jerald\AppData\Local\Spotify
2014-04-22 19:57 - 2014-04-17 20:42 - 00001503 _____ () C:\Windows\setupact.log
2014-04-22 19:57 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-22 19:55 - 2012-03-21 15:30 - 01200129 _____ () C:\Windows\WindowsUpdate.log
2014-04-22 19:54 - 2011-03-07 23:09 - 00000000 ____D () C:\Users\Jerald
2014-04-22 18:12 - 2011-03-13 00:20 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-22 17:41 - 2014-04-22 17:36 - 00000780 _____ () C:\Users\Jerald\Desktop\Search.txt
2014-04-22 05:26 - 2011-03-08 00:50 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3780342535-3109140223-2840449856-1000Core.job
2014-04-22 00:33 - 2014-04-22 00:32 - 00043715 _____ () C:\Users\Jerald\Desktop\Addition.txt
2014-04-22 00:30 - 2014-04-22 00:30 - 02061312 _____ (Farbar) C:\Users\Jerald\Desktop\FRST64.exe
2014-04-22 00:00 - 2014-04-22 00:00 - 02347384 _____ (ESET) C:\Users\Jerald\Desktop\esetsmartinstaller_enu.exe
2014-04-21 23:54 - 2011-04-19 03:25 - 03707904 ___SH () C:\Users\Jerald\Desktop\Thumbs.db
2014-04-21 23:43 - 2011-04-13 22:51 - 00000000 ____D () C:\Users\Jerald\Desktop\All Files
2014-04-21 23:40 - 2014-04-21 23:39 - 00000654 _____ () C:\DelFix.txt
2014-04-21 23:40 - 2014-04-18 22:13 - 00000000 ____D () C:\Windows\ERUNT
2014-04-21 23:38 - 2011-03-07 23:09 - 00000000 ____D () C:\Users\Jerald\AppData\Local\VirtualStore
2014-04-21 23:36 - 2014-04-21 23:36 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-21 23:36 - 2014-04-21 23:36 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-21 23:36 - 2014-04-21 23:36 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-21 23:36 - 2012-11-17 08:30 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-21 23:36 - 2012-11-17 08:30 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-21 23:36 - 2011-03-08 01:42 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-21 23:34 - 2014-04-21 23:35 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-21 23:34 - 2014-04-21 23:34 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-21 23:34 - 2014-04-21 23:34 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-21 23:34 - 2014-04-21 23:34 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-04-21 23:31 - 2012-04-07 15:52 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-21 23:31 - 2012-04-07 15:52 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-21 23:31 - 2012-04-07 15:52 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-21 23:31 - 2011-06-23 04:46 - 00000000 ____D () C:\Users\Jerald\AppData\Local\Adobe
2014-04-21 23:30 - 2012-04-06 12:20 - 00000000 ____D () C:\Users\Jerald\AppData\Local\Mozilla
2014-04-21 23:29 - 2014-04-21 23:29 - 00000000 ____D () C:\ProgramData\Mozilla
2014-04-21 23:29 - 2014-04-21 23:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-21 23:29 - 2012-04-06 12:19 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-21 23:29 - 2012-04-06 12:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-21 23:02 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-04-21 08:35 - 2014-04-21 08:35 - 00000799 _____ () C:\Users\Public\Documents\eset.txt
2014-04-21 00:31 - 2014-04-21 00:31 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-21 00:30 - 2014-04-21 00:30 - 01682336 _____ (ESET) C:\Users\Jerald\Desktop\eset_nod32_antivirus_live_installer.exe
2014-04-21 00:27 - 2014-04-17 20:42 - 00018872 _____ () C:\Windows\PFRO.log
2014-04-21 00:25 - 2009-07-14 00:13 - 00782462 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-21 00:16 - 2014-04-21 00:16 - 00000000 ____D () C:\_OTL
2014-04-19 08:35 - 2014-04-19 01:21 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar
2014-04-19 01:19 - 2014-04-19 01:19 - 00002434 _____ () C:\Windows\System32\Tasks\0414bUpdateInfo
2014-04-19 00:12 - 2014-04-17 20:43 - 00000000 ____D () C:\Users\Jerald\AppData\Local\LogMeIn Hamachi
2014-04-18 22:08 - 2014-04-17 20:40 - 00000000 ____D () C:\AdwCleaner
2014-04-18 22:02 - 2014-04-17 16:49 - 00000000 ____D () C:\Qoobox
2014-04-18 22:00 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-18 18:30 - 2009-07-13 23:45 - 00012384 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-18 18:30 - 2009-07-13 23:45 - 00012384 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-18 14:40 - 2014-04-17 22:52 - 00000000 ____D () C:\Users\Jerald\AppData\Local\Avg2014
2014-04-18 13:25 - 2014-03-02 16:57 - 00001080 _____ () C:\Users\Public\Desktop\DS3 Tool.lnk
2014-04-18 12:48 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2014-04-18 12:21 - 2014-04-17 22:25 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-18 11:43 - 2014-04-17 18:11 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-18 11:42 - 2014-04-17 23:56 - 00000000 ____D () C:\Users\Jerald\AppData\Local\CrashDumps
2014-04-17 23:13 - 2011-03-13 00:23 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-04-17 23:00 - 2014-04-17 23:00 - 00000000 ____D () C:\Users\Jerald\AppData\Roaming\AVG2014
2014-04-17 22:59 - 2014-04-17 22:56 - 00000000 ____D () C:\ProgramData\AVG2014
2014-04-17 22:57 - 2014-04-17 22:57 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-04-17 22:57 - 2014-04-17 22:57 - 00000000 ____D () C:\Users\Jerald\AppData\Roaming\TuneUp Software
2014-04-17 22:57 - 2013-02-17 19:17 - 00000000 ____D () C:\$AVG
2014-04-17 22:52 - 2014-04-17 22:52 - 00000000 ____D () C:\Users\Jerald\AppData\Local\MFAData
2014-04-17 22:51 - 2011-03-13 00:24 - 00000000 ____D () C:\Windows\system32\Drivers\AVG
2014-04-17 22:16 - 2009-07-14 02:45 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-04-17 22:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-17 22:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-04-17 20:42 - 2014-04-17 20:42 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-17 20:42 - 2009-07-13 23:45 - 05069312 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-17 20:39 - 2011-03-07 23:17 - 00152824 _____ () C:\Users\Jerald\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-17 20:22 - 2012-03-07 09:22 - 00000000 ____D () C:\Windows\Minidump
2014-04-17 20:22 - 2011-03-08 01:03 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-17 20:20 - 2011-04-13 22:50 - 00000000 ____D () C:\Users\Jerald\Desktop\Games
2014-04-17 20:02 - 2014-04-17 16:48 - 00000000 ____D () C:\Windows\erdnt
2014-04-17 19:29 - 2011-05-01 02:11 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-17 19:27 - 2011-04-05 14:01 - 00000000 ____D () C:\Users\Jerald\AppData\Roaming\uTorrent
2014-04-17 19:24 - 2014-04-17 18:49 - 00001466 _____ () C:\Windows\system32\.crusader
2014-04-17 18:50 - 2014-04-17 18:41 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-17 18:26 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\security
2014-04-17 18:11 - 2014-04-17 18:11 - 00001106 _____ () C:\Users\Jerald\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-17 18:11 - 2014-04-17 18:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-17 18:11 - 2014-04-17 18:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-17 17:52 - 2009-07-13 21:34 - 77594624 _____ () C:\Windows\system32\config\software.bak
2014-04-17 17:52 - 2009-07-13 21:34 - 30146560 _____ () C:\Windows\system32\config\system.bak
2014-04-17 17:52 - 2009-07-13 21:34 - 01835008 _____ () C:\Windows\system32\config\default.bak
2014-04-17 17:52 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-04-17 17:52 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-04-17 17:14 - 2014-04-17 17:14 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-04-16 22:22 - 2013-11-16 15:37 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-04-15 23:44 - 2011-04-18 17:23 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-04-15 21:33 - 2014-04-15 21:33 - 00000000 ____D () C:\Users\Jerald\AppData\Local\WarThunder
2014-04-15 21:33 - 2014-04-15 21:33 - 00000000 ____D () C:\ProgramData\WarThunder
2014-04-15 21:33 - 2011-04-05 16:27 - 00000000 ____D () C:\Users\Jerald\Documents\My Games
2014-04-15 19:48 - 2011-03-08 02:12 - 00000000 ____D () C:\Users\Jerald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-04-15 00:13 - 2013-07-17 23:29 - 00000003 _____ () C:\Windows\system32\HRUPPROG.TXT
2014-04-14 23:26 - 2013-06-10 19:16 - 00000000 ____D () C:\Users\Jerald\Documents\FIFA 13
2014-04-13 16:47 - 2013-12-17 01:17 - 00000000 ____D () C:\Users\Jerald\AppData\Roaming\XBMC
2014-04-13 12:46 - 2011-05-20 21:38 - 00774020 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-10 15:47 - 2011-03-08 00:55 - 00002374 _____ () C:\Users\Jerald\Desktop\Google Chrome.lnk
2014-04-06 22:04 - 2012-06-15 22:45 - 00000000 ____D () C:\Users\Jerald\AppData\Local\libimobiledevice
2014-04-03 09:51 - 2014-04-17 18:11 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-17 18:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 23:30 - 2014-04-02 23:30 - 00000000 ____D () C:\Program Files (x86)\OGPlanet
2014-04-01 21:03 - 2014-04-01 21:03 - 00236824 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-03-31 21:34 - 2014-02-18 23:50 - 00001857 _____ () C:\Users\Public\Desktop\ooVoo.lnk
2014-03-31 21:34 - 2014-02-18 23:50 - 00000000 ____D () C:\Program Files (x86)\oovoo
2014-03-31 16:20 - 2014-03-31 16:20 - 00274200 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-03-31 16:06 - 2014-03-31 16:06 - 00130840 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-03-28 10:20 - 2011-03-08 01:43 - 00000000 ____D () C:\Users\Jerald\AppData\Roaming\.minecraft
2014-03-27 22:14 - 2014-03-27 22:14 - 00192792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-03-27 22:14 - 2014-03-27 22:14 - 00153368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-03-27 22:07 - 2014-03-27 22:07 - 00236824 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-03-27 22:05 - 2014-03-27 22:05 - 00324376 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-03-27 22:03 - 2014-03-27 22:03 - 00032536 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2014-03-27 05:21 - 2011-03-08 00:50 - 00003884 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3780342535-3109140223-2840449856-1000UA
2014-03-27 05:21 - 2011-03-08 00:50 - 00003488 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3780342535-3109140223-2840449856-1000Core

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-19 02:50

==================== End Of Log ============================
 
Great!

Your computer is clean

1. This step will remove all the cleaning tools we used, reset restore points (so you won't get reinfected by accidentally using some older restore point) and make some other minor adjustments.
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. DelFix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
Other browsers: https://browsercheck.qualys.com/ (click on the "Launch a quick scan now" link)

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please let me know how your computer is doing.
 